* [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0
@ 2020-06-24 18:09 Baruch Siach
2020-06-24 19:24 ` Yann E. MORIN
2020-07-16 15:49 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2020-06-24 18:09 UTC (permalink / raw)
To: buildroot
CVE-2020-8177: curl overwrite local file with -J.
CVE-2020-8169: Partial password leak over DNS on HTTP redirect.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/libcurl/libcurl.hash | 2 +-
package/libcurl/libcurl.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 2157f3d2d21d..104d603f3e0f 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,3 +1,3 @@
# Locally calculated
sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e COPYING
-sha256 032f43f2674008c761af19bf536374128c16241fb234699a55f9fb603fcfbae7 curl-7.70.0.tar.xz
+sha256 cdf18794393d8bead915312708a9e5d819c6e9919de14b20d5c8e7987abd9772 curl-7.71.0.tar.xz
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index cc2ca0aa65a2..11748924ffae 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.70.0
+LIBCURL_VERSION = 7.71.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
--
2.27.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0
2020-06-24 18:09 [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0 Baruch Siach
@ 2020-06-24 19:24 ` Yann E. MORIN
2020-07-16 15:49 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2020-06-24 19:24 UTC (permalink / raw)
To: buildroot
Baruch, All,
On 2020-06-24 21:09 +0300, Baruch Siach spake thusly:
> CVE-2020-8177: curl overwrite local file with -J.
>
> CVE-2020-8169: Partial password leak over DNS on HTTP redirect.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Applied to master, thanks!
Regards,
Yann E. MORIN.
> ---
> package/libcurl/libcurl.hash | 2 +-
> package/libcurl/libcurl.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
> index 2157f3d2d21d..104d603f3e0f 100644
> --- a/package/libcurl/libcurl.hash
> +++ b/package/libcurl/libcurl.hash
> @@ -1,3 +1,3 @@
> # Locally calculated
> sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e COPYING
> -sha256 032f43f2674008c761af19bf536374128c16241fb234699a55f9fb603fcfbae7 curl-7.70.0.tar.xz
> +sha256 cdf18794393d8bead915312708a9e5d819c6e9919de14b20d5c8e7987abd9772 curl-7.71.0.tar.xz
> diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
> index cc2ca0aa65a2..11748924ffae 100644
> --- a/package/libcurl/libcurl.mk
> +++ b/package/libcurl/libcurl.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBCURL_VERSION = 7.70.0
> +LIBCURL_VERSION = 7.71.0
> LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
> LIBCURL_SITE = https://curl.haxx.se/download
> LIBCURL_DEPENDENCIES = host-pkgconf \
> --
> 2.27.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0
2020-06-24 18:09 [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0 Baruch Siach
2020-06-24 19:24 ` Yann E. MORIN
@ 2020-07-16 15:49 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-07-16 15:49 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> CVE-2020-8177: curl overwrite local file with -J.
> CVE-2020-8169: Partial password leak over DNS on HTTP redirect.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-16 15:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-24 18:09 [Buildroot] [PATCH] package/libcurl: security bump to version 7.71.0 Baruch Siach
2020-06-24 19:24 ` Yann E. MORIN
2020-07-16 15:49 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox